Swedish cybersecurity evaluation laboratory specialising in MILS architectures, formal security certification, and verification tools for critical infrastructure and transport.
ATSEC Information Security AB is a professional cybersecurity evaluation and certification laboratory based in Sweden. Their core business is security testing, assurance methodology, and the formal evaluation of IT products and systems against international security standards such as Common Criteria (ISO/IEC 15408). In their H2020 projects, they contributed specialised expertise in MILS (Multiple Independent Levels of Security) architectures, compositional assurance frameworks, and automated certification tooling — applying formal security verification methods to protect critical infrastructure and railway systems. They function as a technical specialist rather than a research institution, bringing real-world certification know-how into academic-industrial consortia.
Both CITADEL and CYRail engaged ATSEC specifically for their expertise in verification tools and automated certification assurance — the defining keywords across their entire H2020 portfolio.
CITADEL (2016–2019) is built around adaptive MILS and compositional assurance for resilient critical infrastructure protection, placing MILS architecture at the centre of ATSEC's contribution.
CITADEL addressed dynamic reconfiguration and adaptive self-healing for critical infrastructure, areas where ATSEC provided formal security analysis and tooling.
CYRail (2016–2018, Shift2Rail) extended ATSEC's security evaluation capabilities into the railway domain, showing ability to apply sector-specific cybersecurity standards.
CITADEL explicitly lists 'verification tools' and 'automated certification assurance' as keyword outputs, reflecting ATSEC's tooling contribution to the project.
Both H2020 projects began in 2016, which means there is no meaningful chronological keyword shift to analyse — the full keyword set (MILS, compositional assurance, adaptive self-healing, verification tools, automated certification assurance) belongs entirely to the first and only wave of activity. What the data does show is a deliberate broadening of application domain within a single period: CITADEL applied formal security certification to generic critical infrastructure, while CYRail applied similar methods to the specific regulatory context of rail transport under the Shift2Rail programme. The underlying competence — security assurance, certification methodology, formal verification — remained constant; what changed was the target sector.
With no projects after 2016, the trajectory is unclear, but the move from generic critical infrastructure (CITADEL) to a regulated transport sector (CYRail/Shift2Rail) suggests ATSEC was positioning itself as a certification expert for safety-critical, highly regulated industries — a direction consistent with their commercial focus on Common Criteria evaluation.
ATSEC participates exclusively as a consortium partner and has never led an H2020 project — a pattern consistent with their role as a specialist evaluator brought in for a specific technical contribution rather than as a research or system-integration lead. Despite only two projects, they engaged with 19 distinct partner organisations across 9 countries, suggesting they integrate smoothly into large multi-partner consortia without repeated use of the same partners. Working with ATSEC likely means access to a focused security certification competence that complements research teams lacking formal evaluation experience.
ATSEC built a European network of 19 unique partners across 9 countries from only two projects — an unusually broad reach for such a small portfolio, reflecting the large consortium structures typical of Shift2Rail and security IA projects. No geographic cluster is discernible from available data, though their Swedish base and participation in pan-European security programmes points to a northern and central European orientation.
ATSEC occupies a rare niche in EU research consortia: a commercial security evaluation laboratory (not a university or research institute) that brings operational certification methodology — specifically Common Criteria and MILS-based assurance — directly into collaborative R&D projects. Most consortia in critical infrastructure and transport security include academic security researchers; ATSEC offers something different: the practical knowledge of what it takes to get a system formally certified, which is exactly what projects building real deployable solutions need. For any consortium developing a security-critical product that must eventually pass formal evaluation, ATSEC provides a shortcut from prototype to certifiable system.
